# create a new releng system
# NOTE: should be used with --limit most of the time
# NOTE: make sure there is room/space for this instance on the buildvmhost
# NOTE: most of these vars_path come from group_vars/releng or from hostvars

- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=releng-compose:releng-stg:compose-s390-01.s390.fedoraproject.org"

- name: Setup releng compose hosts
  hosts: releng-compose:releng-secondary:releng-stg
  user: root
  gather_facts: True
  tags:
   - releng-compose

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  pre_tasks:
  - import_tasks: "{{ tasks_path }}/yumrepos.yml"

  roles:
  - base
  - hosts
  - builder_repo
  - fas_client
  - rkhunter
  - nagios_client
  - collectd/base
  - sudo
  - role: keytab/service
    service: compose
    host: "composer.stg.phx2.fedoraproject.org"
    when: env == "staging"
  - role: keytab/service
    service: compose
    host: "koji{{env_suffix}}.fedoraproject.org"
    owner_group: releng-team
  - role: keytab/service
    service: mash
    host: "koji{{env_suffix}}.fedoraproject.org"
  - role: loopabull/target
    loopabull_role: koji
    when: inventory_hostname == 'composer.stg.phx2.fedoraproject.org'
  - role: loopabull/target
    loopabull_role: ociimage
    when: inventory_hostname == 'composer.stg.phx2.fedoraproject.org'
  - { role: nfs/client, when: "'releng-stg' not in group_names",  mnt_dir: '/mnt/fedora_koji',  nfs_src_dir: "{{ koji_hub_nfs }}" }
  - { role: nfs/client, when: "'releng-compose' in group_names", mnt_dir: '/pub',  nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' }
  - { role: nfs/client, when: "'releng-secondary' in group_names", mnt_dir: '/pub/fedora-secondary',  nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub/fedora-secondary' }
  - { role: nfs/client, when: "'releng-stg' in group_names", mnt_dir: '/mnt/fedora_koji_prod',  nfs_src_dir: "{{ koji_hub_nfs }}" }
  - fedmsg/base
  - role: releng
    tags:
    - releng
  - {
    role: "manage-container-images",
      cert_dest_dir: "/etc/docker/certs.d/registry.stg.fedoraproject.org",
      cert_src: "{{private}}/files/docker-registry/{{env}}/docker-registry-internal.pem",
      key_src: "{{private}}/files/docker-registry/{{env}}/docker-registry-internal.key",
    when: env == "staging"
  }
  - {
    role: "manage-container-images",
      cert_dest_dir: "/etc/docker/certs.d/candidate-registry.stg.fedoraproject.org",
      cert_src: "{{private}}/files/docker-registry/{{env}}/docker-registry-internal.pem",
      key_src: "{{private}}/files/docker-registry/{{env}}/docker-registry-internal.key",
    when: env == "staging"
  }


  tasks:
  # this is how you include other task lists
  - import_tasks: "{{ tasks_path }}/2fa_client.yml"
  - import_tasks: "{{ tasks_path }}/motd.yml"

  - name: install skopeo for container management
    package:
      name: skopeo
      state: latest
    when: ansible_architecture != "ppc64"
    tags:
    - containerrebuild

  - name: install docker for container management
    package:
      name: docker
      state: latest
    when: ansible_architecture != "ppc64"
    tags:
    - containerrebuild

  - name: enable and start docker service
    service:
      name: docker
      state: started
      enabled: yes

  - name: install ansible for container automated rebuilds
    package:
      name: "{{item}}"
      state: latest
    with_items:
      - ansible
      - python2-dockerfile-parse
    when: ansible_architecture != "ppc64"
    tags:
    - containerrebuild

  - name: set releng user keytab
    copy:
      src: "{{private}}/files/keytabs/{{env}}/releng"
      dest: /etc/krb5.releng.keytab
      owner: root
      group: "releng-team"
      mode: 0640
    tags:
    - containerrebuild

  - name: copy releng ssh key for rebuild fedpkg/distgit pushes
    copy:
      src: "{{private}}/files/releng/sshkeys/container-rebuild-{{env}}"
      dest: /etc/pki/releng
      owner: root
      group: "releng-team"
      mode: 0600
    tags:
    - containerrebuild

  - name: place relengpush script for automatic rebuilds
    copy:
      src: "{{files}}/releng/relengpush"
      dest: "/usr/local/bin/relengpush"
      owner: root
      group: "releng-team"
      mode: 0750
    tags:
    - containerrebuild

  - name: place relengpush int script for automatic rebuilds
    copy:
      src: "{{files}}/releng/relengpush-int"
      dest: "/usr/local/bin/relengpush-int"
      owner: root
      group: "releng-team"
      mode: 0750
    tags:
    - containerrebuild


  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"
